Deploy local-path with helm

bin/update.sh

@@ -4,26 +4,6 @@
 # Run from files directory
 #
 
-wget https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
-kubernetes-split-yaml local-path-storage.yaml > generated.log
-mv files/local{,.old}
-mv generated files/local
-echo -e "---\nstorage_localpath_files_list:" > vars/local.yaml
-cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)|  - "\2"|' >> vars/local.yaml
-sed 's|/opt/local-path-provisioner|/mnt/local|' -i files/local/local-path-config-ConfigMap.yaml
-#mv local-path-storage.yaml local-path-storage_$(date +%Y%m%d).yaml
-rm -fr files/local.old generated.log local-path-storage.yaml
-
-wget https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/longhorn.yaml
-kubernetes-split-yaml longhorn.yaml > generated.log
-mv files/longhorn{,.old}
-mv generated files/longhorn
-echo -e "---\nstorage_longhorn_files_list:" > vars/longhorn.yaml
-cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)|  - "\2"|' >> vars/longhorn.yaml
-sed '/numberOfReplicas/ s/3/2/' -i files/longhorn/longhorn-storageclass-ConfigMap.yaml
-sed '/default-data-path/ s|:.*$|: "/var/lib/longhorn/"|' -i files/longhorn/longhorn-default-setting-ConfigMap.yaml 
-rm -fr files/longhorn.old generated.log longhorn.yaml
-
 #git clone https://github.com/linode/linode-blockstorage-csi-driver.git
 #mv linode{,.old}
 #mv linode-blockstorage-csi-driver/pkg/linode-bs/deploy/kubernetes linode
@@ -57,30 +37,6 @@ done
 rm -fr files/digitalocean.old
 
 
-# https://github.com/kubernetes-incubator/external-storage/tree/master/nfs
-NFS_FILE=vars/nfs.yml
-echo -e "---\nstore_nfs_files:" > "${NFS_FILE}"
-mv files/nfs{,.old}
-mkdir files/nfs
-for FICHIER in psp.yaml rbac.yaml deployment.yaml class.yaml; do
-    wget https://github.com/kubernetes-incubator/external-storage/raw/master/nfs/deploy/kubernetes/$FICHIER
-    kubernetes-split-yaml $FICHIER >> generated.log
-    mv generated/* files/nfs/
-    cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)|  - "\2"|' >> "${NFS_FILE}"
-    rm -f $FICHIER generated.log
-done
-for i in nfs-provisioner-runner-ClusterRole.yaml run-nfs-provisioner-ClusterRoleBinding.yaml leader-locking-nfs-provisioner-Role.yaml leader-locking-nfs-provisioner-RoleBinding.yaml; do
-    sed "s/namespace:.*/namespace: nfs-provisioner/g" -i files/nfs/$i
-done
-sed 's|^\(apiVersion:\).*|\1 policy/v1beta1|' -i files/nfs/nfs-provisioner-PodSecurityPolicy.yaml
-sed 's|\(.*-provisioner=\).*"|\1reslinger.net/nfs"|' -i files/nfs/nfs-provisioner-Deployment.yaml
-sed 's/example-nfs-//' -i "${NFS_FILE}"
-mv files/nfs/example-nfs-StorageClass.yaml files/nfs/StorageClass.yaml
-sed 's|example-nfs|nfs|' -i files/nfs/StorageClass.yaml
-sed 's|example.com/nfs|reslinger.net/nfs|' -i files/nfs/StorageClass.yaml
-rm -fr files/nfs.old
-
-
 
 #https://github.com/scaleway/scaleway-csi
 #https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver

defaults/main.yml

@@ -1,9 +1,17 @@
 my_context: minikube
+
+storage_manual: true
+
 storage_localpath: true
+storage_localpath_default_path: "/mnt/local"
+storage_localpath_namespace: "local-path-storage"
+
 storage_longhorn: true
 storage_longhorn_namespace: "longhorn-system"
 
 storage_nfs: false
+storage_nfs_namespace: "nfs-client-provisioner"
+
 storage_linode: false
 storage_digitalocean: false
 storage_secrets_store: false

files/local-path/ClusterRole.yml

@@ -0,0 +1,49 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: local-path-provisioner
+    app.kubernetes.io/name: local-path-provisioner
+  name: local-path-provisioner
+rules:
+- apiGroups:
+  - policy
+  resourceNames:
+  - local-path-policy
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  - persistentvolumeclaims
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  - persistentvolumes
+  - pods
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch

files/local-path/ClusterRoleBinding.yml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: local-path-provisioner
+    app.kubernetes.io/name: local-path-provisioner
+  name: local-path-provisioner
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: local-path-provisioner
+subjects:
+- kind: ServiceAccount
+  name: local-path-provisioner
+  namespace: local-path-storage

files/local-path/PodSecurityPolicy.yml

@@ -0,0 +1,24 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: local-path-policy
+spec:
+  privileged: true
+  fsGroup:
+    rule: RunAsAny
+  allowedCapabilities:
+  - DAC_READ_SEARCH
+  - SYS_RESOURCE
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+  - configMap
+  - downwardAPI
+  - emptyDir
+  - persistentVolumeClaim
+  - secret
+  - hostPath

files/local-path/ServiceAccount.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: local-path-provisioner
+    app.kubernetes.io/name: local-path-provisioner
+  name: local-path-provisioner

files/local/local-path-StorageClass.yaml

@@ -1,7 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: local-path
-provisioner: rancher.io/local-path
-volumeBindingMode: WaitForFirstConsumer
-reclaimPolicy: Delete

files/local/local-path-config-ConfigMap.yaml

@@ -1,62 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: local-path-config
-  namespace: local-path-storage
-data:
-  config.json: |-
-        {
-                "nodePathMap":[
-                {
-                        "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
-                        "paths":["/mnt/local"]
-                }
-                ]
-        }
-  setup: |-
-        #!/bin/sh
-        while getopts "m:s:p:" opt
-        do
-            case $opt in
-                p)
-                absolutePath=$OPTARG
-                ;;
-                s)
-                sizeInBytes=$OPTARG
-                ;;
-                m)
-                volMode=$OPTARG
-                ;;
-            esac
-        done
-
-        mkdir -m 0777 -p ${absolutePath}
-  teardown: |-
-        #!/bin/sh
-        while getopts "m:s:p:" opt
-        do
-            case $opt in
-                p)
-                absolutePath=$OPTARG
-                ;;
-                s)
-                sizeInBytes=$OPTARG
-                ;;
-                m)
-                volMode=$OPTARG
-                ;;
-            esac
-        done
-
-        rm -rf ${absolutePath}
-  helperPod.yaml: |-
-        apiVersion: v1
-        kind: Pod
-        metadata:
-          name: helper-pod
-        spec:
-          containers:
-          - name: helper-pod
-            image: busybox
-
-

files/local/local-path-provisioner-Deployment.yaml

@@ -1,38 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: local-path-provisioner
-  namespace: local-path-storage
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: local-path-provisioner
-  template:
-    metadata:
-      labels:
-        app: local-path-provisioner
-    spec:
-      serviceAccountName: local-path-provisioner-service-account
-      containers:
-      - name: local-path-provisioner
-        image: rancher/local-path-provisioner:v0.0.19
-        imagePullPolicy: IfNotPresent
-        command:
-        - local-path-provisioner
-        - --debug
-        - start
-        - --config
-        - /etc/config/config.json
-        volumeMounts:
-        - name: config-volume
-          mountPath: /etc/config/
-        env:
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-      volumes:
-        - name: config-volume
-          configMap:
-            name: local-path-config

files/local/local-path-provisioner-bind-ClusterRoleBinding.yaml

@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: local-path-provisioner-bind
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: local-path-provisioner-role
-subjects:
-- kind: ServiceAccount
-  name: local-path-provisioner-service-account
-  namespace: local-path-storage

files/local/local-path-provisioner-role-ClusterRole.yaml

@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: local-path-provisioner-role
-rules:
-- apiGroups: [""]
-  resources: ["nodes", "persistentvolumeclaims", "configmaps"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: [""]
-  resources: ["endpoints", "persistentvolumes", "pods"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["events"]
-  verbs: ["create", "patch"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["get", "list", "watch"]

files/local/local-path-provisioner-service-account-ServiceAccount.yaml

@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: local-path-provisioner-service-account
-  namespace: local-path-storage

files/local/local-path-storage-Namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: local-path-storage

tasks/local-path.yml

@@ -0,0 +1,71 @@
+---
+- name: Local-path
+  block:
+  - name: Include file list
+    include_vars: "local-path.yaml"
+
+  - name: Defined local-path-storage state to present
+    set_fact:
+      storage_localpath_state: present
+    when:
+      - storage_localpath|bool
+
+  - name: find state of local-path-storage
+    set_fact:
+      storage_localpath_state: absent
+    when:
+      - not storage_localpath|bool
+
+  - name: namespace
+    k8s:
+      state: present
+      context: "{{ my_context }}"
+      merge_type: merge
+      definition:
+        api_version: v1
+        kind: Namespace
+        metadata:
+          name: "{{ storage_localpath_namespace }}"
+          labels:
+            namespace: '{{ storage_localpath_namespace }}'
+    when:
+      - storage_localpath|bool
+
+  - name: local-path-storage need to be {{ storage_localpath_state }}
+    k8s:
+      state: "{{ storage_localpath_state }}"
+      context: "{{ my_context }}"
+      namespace: "{{ storage_localpath_namespace }}"
+      merge_type: merge
+      resource_definition: "{{ lookup('file', 'local-path/' + item) | from_yaml }}"
+    with_items:
+      - "{{ storage_localpath_files_list }}"
+
+# https://github.com/rancher/local-path-provisioner/tree/master/deploy/chart
+  - name: Downloal Local-path repository
+    block:
+    - name: Git clone stable repo on HEAD
+      ansible.builtin.git:
+        repo: "https://github.com/rancher/local-path-provisioner.git"
+        dest: tmp/local-path-provisioner
+
+    - name: Deploy local-path chart from local path
+      community.kubernetes.helm:
+        state: "{{ storage_localpath_state }}"
+        name: local-path-provisioner
+        context: "{{ my_context }}"
+        chart_ref: tmp/local-path-provisioner/deploy/chart
+        release_namespace: "{{ storage_localpath_namespace }}"
+        create_namespace: true
+        values:
+          rbac:
+            create: false
+          serviceAccount:
+            create: false
+            name: local-path-provisioner
+          nodePathMap:
+            - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
+              paths: [/mnt/local]
+  tags:
+    - storage
+    - local-path

tasks/local.yml

@@ -1,24 +0,0 @@
----
-  - name: Include file list
-    include_vars: "local.yaml"
-
-  - name: Defined local-path-storage state to present
-    set_fact:
-      storage_localpath_state: present
-    when:
-      - storage_localpath|bool
-
-  - name: find state of local-path-storage
-    set_fact:
-      storage_localpath_state: absent
-    when:
-      - not storage_localpath|bool
-
-  - name: local-path-storage need to be {{ storage_localpath_state }}
-    k8s:
-      state: "{{ storage_localpath_state }}"
-      context: "{{ my_context }}"
-      merge_type: merge
-      resource_definition: "{{ lookup('file', 'local/' + item) | from_yaml }}"
-    with_items:
-      - "{{ storage_localpath_files_list }}"

tasks/main.yml

@@ -1,12 +1,41 @@
 - name: Local Path setup
   block:
-#  - include_tasks: "manual.yml"
-  - include_tasks: "local.yml"
+  - name: Define Manual StorageClass
+    k8s:
+      state: present
+      context: "{{ my_context }}"
+      definition:
+        kind: StorageClass
+        apiVersion: storage.k8s.io/v1
+        metadata:
+          name: manual
+        provisioner: kubernetes.io/no-provisioner
+        volumeBindingMode: WaitForFirstConsumer
+    when:
+      - storage_manual|bool
+    tags:
+      - manual
+      - storage
+
+  - include_tasks: "local-path.yml"
+    tags:
+      - local-path
+      - storage
   - include_tasks: "longhorn.yml"
     tags:
       - longhorn
       - storage
   - include_tasks: "nfs.yml"
+    tags:
+      - nfs
+      - storage
+
+# https://medium.com/asl19-developers/create-readwritemany-persistentvolumeclaims-on-your-kubernetes-cluster-3a8db51f98e3
+# https://github.com/ctrox/csi-s3
+# https://github.com/kahing/goofys
+# https://github.com/reactr-io/gocachefs
+
+
   - include_tasks: "digital_ocean.yml"
   - include_tasks: "linode.yml"
   - include_tasks: "secrets-store.yml"

vars/local-path.yaml

@@ -0,0 +1,6 @@
+---
+storage_localpath_files_list:
+  - "PodSecurityPolicy.yml"
+  - "ClusterRole.yml"
+  - "ClusterRoleBinding.yml"
+  - "ServiceAccount.yml"

vars/local.yaml

@@ -1,9 +0,0 @@
----
-storage_localpath_files_list:
-  - "local-path-storage-Namespace.yaml"
-  - "local-path-provisioner-service-account-ServiceAccount.yaml"
-  - "local-path-provisioner-role-ClusterRole.yaml"
-  - "local-path-provisioner-bind-ClusterRoleBinding.yaml"
-  - "local-path-provisioner-Deployment.yaml"
-  - "local-path-StorageClass.yaml"
-  - "local-path-config-ConfigMap.yaml"